Slashdot Mirror
Windows, Linux Kodi Users Infected With Cryptomining Malware (zdnet.com)
An anonymous reader quotes a report from ZDNet: Users of Kodi, a popular media player and platform designed for TVs and online streaming, have been the targets of a malware campaign, ZDNet has learned from cyber-security firm ESET. According to a report that will be published later today and shared with ZDNet in advance, the company's malware analysts have uncovered that at least three popular repositories of Kodi add-ons have been infected and helped spread a malware strain that secretly mined cryptocurrency on users' computers.
ESET researchers say they found malicious code hidden in some of the add-ons found on three add-on repositories known as Bubbles, Gaia, and XvBMC, all offline at the time of writing, after receiving copyright infringement complaints. Researchers said that some of the add-ons found on these repositories would contain malicious code that triggered the download of a second Kodi add-on, which, in turn, would contain code to fingerprint the user's OS and later install a cryptocurrency miner. While Kodi can run on various platforms, ESET says that the operators of this illicit cryptocurrency mining operation only delivered a miner for Windows and Linux users. The crooks reportedly mined for Monero, infecting over 4,700 victims and generating over 62 Monero coins, worth today nearly $7,000.
ESET researchers say they found malicious code hidden in some of the add-ons found on three add-on repositories known as Bubbles, Gaia, and XvBMC, all offline at the time of writing, after receiving copyright infringement complaints. Researchers said that some of the add-ons found on these repositories would contain malicious code that triggered the download of a second Kodi add-on, which, in turn, would contain code to fingerprint the user's OS and later install a cryptocurrency miner. While Kodi can run on various platforms, ESET says that the operators of this illicit cryptocurrency mining operation only delivered a miner for Windows and Linux users. The crooks reportedly mined for Monero, infecting over 4,700 victims and generating over 62 Monero coins, worth today nearly $7,000.
XBMC\Kodi is a rather large HTPC platform. The issue is not with their software. The issue is they allow plug-ins to extend functionality which is something that makes its very powerful. I use it to auto-rip a DVD while it plays for instance. You are well warned when you install from 3rd party repositories like the ones in question. It is no different than the varies app stores when Android first started that will full of all sorts of baddies.
At the end of the day if you're installing software from untrusted sources then you sort of deserve what you get. As an avid user of Kodi I never used any of those repositories so I've got nothing to worry about.
Kodi can be installed on anything. Just because Windows is full of bugs that can cause Kodi problems doesn't mean Kodi did something wrong.
I would like to see them say something about this however as there are users out there that are less than technical and actually bought Kodi machines off Amazon back you were still allowed to.
And it's likely that the trojaned plugins were not downloaded from the official Kodi site. Need to wait for the details of course.
When all you have is a hammer, every problem starts to look like a thumb.
Oh Noes, in maybe a few years, my raspberry pi will have mined a coin. how will I pay for the 0.25 in electricity?
The word "today" is a little too broad, is it not?
How about this:
If you choose to install malware, you'll get malware. To get infected by this you have to go to one of three fly by night repositories of illegal plugins and choose to install a plugin that turns out to be doing a different kind of illegal activity than you expect (crypto mining instead of media piracy). It should not be a shock that dealers in illegal goods aren't always trustworthy -- it's like being shocked when your drug dealer steals from you.
This space intentionally left blank
Are the trojaned plugins open source? I somehow doubt it. It's the closed-source so-called "freeware" that is the most dangerous vectors for malware these days.
Kodi doesn't contain malware it's the illegal add-ons and code overlays. From the site: https://kodi.tv/article/warnin...
I use it to auto-rip a DVD while it plays for instance.
What addon do you use for this purpose?
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
Never listen to Alexander Peter Kowalski's lies.
Like how he claims the Chinese copied him but can't produce any evidence.
How about when he states that hosts does port filtering but again can't backup his statement which was shown to be false.
There is also his list of "experts" who support him but it turns out they don't say what he is claiming.
This also ignores his out of context quotes he uses to lie by omission.
The problem with APK is that his entire reputation is built upon the lie he told years ago that hosts is an effective security solution. It has been exposed numerous times as being a lie and when exposed APK fails to argue logically and instead will try to deflect criticism, change the subject, move the goal posts, return to a previously disproved statement, demand you prove you did better than his file concatenator, or just call people names. Expect that he will used these tactics to try to deflect from these criticisms. He will continue to lie by stating that he won or "dusted" you while failing to refute anything you said, will never provide real evidence, and generally try to dodge the issue.
Face it APK is one of the most detested individuals here for good reason. When ever his poor behavior, awful logic, over statements, and horrendous writing are called out he has a fit and has done so for years across the internet. He is a spammer, and is an abusive insecure little man who is washed up and never amounted to anything. Until he produces actual verifiable facts supporting his case nothing he says should be taken seriously.